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DETAILED ACTION 

1 . Claims 1-46 have been examined. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 1-4, 7-15, 18-26, and 29-46 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bhat et al. U.S. Pub. No. 20050240763 (hereinafter Bhat) in view of 
Bhatnagar et al. U.S. Pub. No. 20050021964 (hereinafter Bhat2). 

4. As per claim 1, Bhat discloses a system, comprising: at least one first identity comprising 
any of a user, a user agent and a principal (Bhat:[0063]-[0064]: user ID and password); an 
authentication agency (Bhat: [0065]: authentication service module); means for sending a login 
request from the first entity to the authentication agency (Bhat: [0063]-[0065]); means for 
receiving an assertion at the first entity from the authentication agency in response to the log in 
request (Bhat: [0066]: receive the login token); means for authenticating the first entity at a 
participant with the received assertion (Bhat: [0050]: the URL access service); means for sending 
a request for service on behalf of the first entity from a second entity comprising any of the 
participant and a service consumer associated with the participant to any of the authentication 
agency and a discovery service associated with the authentication agency, using the assertion 
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(Bhat: [0031]: the URL access service determines access is authorized). Bhat does not explicitly 
disclose means for sending an authorization from the authentication agency to the second entity 
for the requested service in response to the sent request if the first entity is enabled for the 
requested service. However, Bhat2 discloses a client receives a authentication assertion reference 
from an issuing party and present the assertion reference to the relying party and the relying 
party later uses the assertion reference to obtain authorization from the issuing party (Bhat2: 
[0015]-[0017] and claim 2). It would have been obvious to one having ordinary skill in the art to 
provide the authentication assertion reference as token to client and allow the relying party to 
retrieve the authentication assertion from the issuing party because both systems use SSO 
scheme. Therefore, it would have been obvious to one having ordinary skill in the art at the time 
of applicant's invention to combine the teachings of Bhat2 within the system of Bhat because it 
allows relying party to be authenticated by the issuing party as well. 

5. As per claim 2, Bhat as modified discloses the system of claim 1 . Bhat as modified 
further discloses the system comprising: at least one identity associated with the first entity, and 
user information associated with at least one of identities (Bhat: [0063]: provide the user 
identity); and at least one core service associated with the system and related to at least a portion 
of the user information (Bhat: [0023]: provide web-based application resources and services). 

6. As per claim 3, Bhat as modified discloses the system of claim 2. Bhat as modified 
further discloses wherein the core service is accessible by the first entity (Bhat: [0026]: access to 
resources is granted after authentication). 
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7. As per claim 4, Bhat as modified discloses the system of claim 2. Bhat as modified 
further discloses wherein the core service is accessible by the participant (Bhat: [0065]-[0066]). 

8. As per claim 7, Bhat as modified discloses the identity based service system of claim 1 . 
Bhat as modified further discloses wherein the basic authentication agency further comprises 
means for translating namespaces, such that a user identity of the first entity in a first namespace 
is translatable to a user identity in a second namespace (Bhat: [0064]- [0066]: after user has been 
authenticate by user name/password, a encrypted login token is provided to user). 

9. As per claim 8, Bhat discloses the system of claim 7. Bhat further discloses wherein the 
user identity in the second namespace is encrypted (Bhat: [0066]: the encrypted login token is 
encrypted). 

10. As per claim 9, Bhat discloses the system of claim 7. Bhat further discloses wherein the 
user identity in the second namespace is time-bound (Bhat: [0074]: SSO token listener to 
determine the time for the SSO token to expire). 

11. As per claim 10, Bhat discloses the system of claim 1 wherein a user identity is 
associated with the first entity, and wherein the system further comprises at least one core 
authentication record associated with the identity, comprising any of services and links 
associated with the identity (Bhat: [0057]). 
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12. As per claim 1 1, 23, and 33, claims 1 1, 23, and 33 encompass the same scope as claim 1. 
Therefore, claims 1 1, 23, and 33 are rejected based the reasons set forth in rejecting claim 1. 

13. As per claim 12-15, 18-22, 24-26, and 29-32, claims 12-15, 18-22, 24-26, and 29-32 
encompass the same scope as claims 1-4 and 7-10. Therefore, claims 12-15, 18-22, 24-26, and 
29-32 are rejected based on the same reasons set forth in rejecting claims 1-4 and 7-10. 

14. As per claim 34, Bhat as modified discloses the process of claim 33. Bhat as modified 
further discloses the second entity comprises any of a network site, a service provider, and a 
store (Bhat2: [0015]: relying party provides service to client). 

15. As per claim 35, Bhat as modified discloses the process of claim 34. Bhat as modified 
further discloses wherein the authorization comprises a service descriptor and a service assertion, 
wherein the service descriptor comprises means for locating the requested service and wherein 
the service assertion comprises a credential to establish the link (Bhat2: [0048]-[049]). 

16. As per claim 36, Bhat as modified discloses the system of claim 1 . Bhat as modified 
further discloses means for invoking the requested service through the second entity using the 
authorization (Bhat2: claim 2: provide requested service). 
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17. As per claim 37, Bhat as modified discloses the system of claim 1. Bhat as modified 
further discloses wherein the participant comprises any of a network site, a service provider and 
a store (Bhat2: [0015]: relying party). 

18. As per claim 38-46, claims 38-46 encompass the same scope as claims 34-36. Therefore, 
claims 38-46 are rejected based on the same reason as set forth above in rejecting claims 34-36. 

Claim Rejections - 35 USC §103 

19. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

20. Claims 5, 6, 16, 17, 27, and 28 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Bhat in view of Bhat2 and further in view of Rozmus et al. U.S. Pub. No. 20040267870 
(hereinafter Rozmus). 

21. As per claim 5, Bhat as modified discloses the identity based service system of claim 2. 
Bhat does not explicitly disclose wherein the core service is associated with one or more core 
service providers. However, Rozmus discloses that Single Sign On service can be used to 
authenticate users requesting access to different services desired by a user, such as electronic 
banking, Web e-mail, online shopping, etc. (Rozmus: [0015]). It would have been obvious to one 
having ordinary skill in the art to allow users to access applications or services provided by 
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different service providers to avoid having to be authenticated by each service provider. 
Therefore, it would have been obvious to one having ordinary skill in the art at the time of 
applicant's invention to combine the teachings of Rozmus within the system of Bhat because it 
allows users to access different services not limited to applications or services provided by a 
single service provider. 

22. As per claim 6, Bhat discloses the identity based service system of claim 2. Bhat does not 
explicitly disclose wherein the core service comprises any of an authentication service, a profile 
service, an alert service, a calendar service, and a wallet service. However, Rozmus discloses 
that Single Sign On service can be used to authenticate users requesting access to different 
services desired by a user, such as electronic banking, Web e-mail, online shopping, etc. 
(Rozmus: [0015]). It would have been obvious to one having ordinary skill in the art to allow 
users to access applications or services provided by different service providers to avoid having to 
be authenticated by each service provider. Therefore, it would have been obvious to one having 
ordinary skill in the art at the time of applicant's invention to combine the teachings of Rozmus 
within the system of Bhat because it allows users to access different services not limited to 
applications or services provided by a single service provider. 

23. As per claim 16, 17, 27, and 28, claims 16, 17, 27, and 28 encompass the same scope as 
claims 6 and 7. Therefore, claims 16, 17, 27, and 28 are rejected based on the same reasons set 
forth in rejecting claims 6 and 7. 
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Response to Arguments 

24. Applicant's arguments with respect to claims 1-46 have been considered but are moot in 
view of the new ground(s) of rejection. 

Conclusion 

25. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Barriga-Caceres et al. U.S. Pub. No. 20030163733 discloses method for federated single 
sign-on service using authentication assertions. 

Chao et al. U.S. Pub. No. 20040088578 discloses system for credential delegation using 
identity assertion. 

Favazza et al. U.S. Pub. No. 20040139319 discloses session ticket authentication scheme. 

Stanko U.S. Pub. No. 20050074126 discloses single sign-on over the internet using 
public key cryptography. 

Hardman et al. U.S. Pub. No. 20040059941 discloses system for identifying users and 
providing access to information in a network environment. 

26. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
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the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shin-Hon Chen whose telephone number is (571) 272-3789. The 
examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Shin-Hon Chen 
Examiner 
Art Unit 2131 

SC 




